ssh keys and radius, how do you guys manage it?

  • 0
  • 1
  • Question
  • Updated 8 months ago
  • Acknowledged
Ok at the moment we use radius for auth and acct to secure our switches, and while this is great and works we sort of want to up the security. On linux this is either being handled by disabling passwords completely and relying on sshkeys....

What i was wondering is how are people handling this on extreme?

I know i can manually add my ssh key to an on-box user i've done it and it does work fine but the issue is then i have to manually add not just the keys for all my admins to every switch on my network but i also have to generate static users on all of those switches as well?

Their doesn't seem to be a way to feed sshkeys from a radius server or some other central distro of keys. And the idea of having local users + radius users on all my boxes starts to make my head explode.

So just wondering how others are handling this? I imagine the actual easiest way is just throwing a bunch of keys under the default "admin" user but still if your looking at a lot of switches even that gets tiresome, especially if you need to eventually drop a key from all the boxes.
Photo of Chris


  • 492 Points 250 badge 2x thumb

Posted 9 months ago

  • 0
  • 1
Photo of Matthew Hum

Matthew Hum

  • 362 Points 250 badge 2x thumb
Not really a solution but you can use the command script tool or even something like a perl/bash script to put all the keys on your switches (or remove one).